News items for tag work - Koos van den Hout

2008-05-27
I always used ssh-agent to remember keys for me, but lately I started adding a timeout to keys so they don't get remembered indefinitely. Especially on my laptop: what if it gets stolen, the keys are still valid when it comes out of suspend mode. So now I type ssh-add -t 3600 so they are only valid for one hour. But, that is still not ideal as I need to remember that keys might be forgotten when I click on a button or menuitem in fvwm to start a new xterm-with-ssh. Otherwise I may be thrown out directly from the session or asked for a password or passphrase, depending on the SSH security settings. So, fvwm functions to the rescue:
AddToFunc SSHUR4 "I" Exec if ! ssh-add -l > /dev/null; then ssh-add -t 600 .ssh/id_dsa <&- 2>/dev/null ; fi; uxterm -fg black -bg '#e0e0e0' -geom 80x40 -title 'slogin $0' -vb -e ssh -e none $0 &
Now I can just use SSHR4 host.name and it will ask for the ssh passphrase when needed. In an fvwm menu item:
AddToMenu Remote-Logins "idefix.net%mini-freebsd.xpm%" SSHR4 idefix.net
and in an fvwm button:
*FvwmButtons(Title idefix, Icon mini-freebsd.xpm, Action 'SSHUR4 idefix.net' )
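The same check-then-add logic as a standalone shell wrapper, as an added example that is not part of the original entry. It goes one step further than the fvwm function by telling an empty agent (exit status 1 from ssh-add -l) apart from an unreachable one (exit status 2); the function names and the SSH_ADD, KEY_FILE and KEY_LIFETIME variables are assumptions.

```shell
#!/bin/sh
# Added example; function and variable names are hypothetical.
SSH_ADD=${SSH_ADD:-ssh-add}              # overridable so the logic can be tested
KEY_FILE=${KEY_FILE:-$HOME/.ssh/id_dsa}  # key path used in the entry above
KEY_LIFETIME=${KEY_LIFETIME:-600}        # seconds, as in the fvwm function

# Print "loaded", "empty" or "noagent" from the exit status of `ssh-add -l`:
# 0 = identities present, 1 = agent reachable but empty, 2 = no agent.
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo noagent ;;
    esac
}

# Make sure a key is loaded, adding it with a lifetime when the agent is empty.
ensure_key() {
    case $(agent_state) in
        loaded) return 0 ;;
        empty)
            # stdin is not a terminal here, so ssh-add asks through the
            # graphical askpass helper instead of a tty (same role as `<&-`).
            "$SSH_ADD" -t "$KEY_LIFETIME" "$KEY_FILE" </dev/null 2>/dev/null ;;
        *)
            echo "ssh-agent not reachable; not adding a key" >&2
            return 2 ;;
    esac
}

# Log in only when a key is available; otherwise report why not.
ssh_with_key() {
    ensure_key || return $?
    ssh -e none "$1"
}
```

Sourced from a shell startup file, ssh_with_key host.name can replace the inline if-statement in the Exec line.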
2008-03-17
Time to change my signature at work: we switched off the last Sun server today. I updated my .signature which mentioned 'herding Suns' to 'herding systems'. Most server-hardware at work is from Dell running Linux but that doesn't sound as good.
2008-03-13
One of the little irritations at work was trying to find out what the exact error was of the printer when the helpdesk ticket just says 'printer problems'. Since HP laserjets will divulge everything via SNMP, I thought the complete information must be available. It is, and I cobbled together a perl script for our noc webserver. Public version in the perl noc stuff page.
2008-03-10
I found an interesting tidbit in the apache-config today: after setting the AuthLDAPBindPassword directive I could find the password in the server-info output. Which was to be expected, but still an interesting side-effect.
2008-02-15
The battery (and the charger) for the wardriver box arrived. Even with the room number and the department missing from the address label the internal mail still managed to deliver it to my desk.
2007-12-22
At work we now graph several temperatures in the serverroom (results are not public). We joked (or not..) last Friday that we could add a lot of sensors inside and outside the serverroom (that is where my thinking about 1-wire systems came in again) and have someone research this micro-climate and correlate the micro-climate with the ntp statistics. We did see the influence of the cold wind from the east on the pll stats of several ntp servers.
2007-12-12
After a Monday filled with part of the network at work being down I dug up the 'luxlite' text sign that clutters one of the desks at work. Digging up the protocol it listens to was harder as all searches with luxlite talk about a different protocol (which we do use in another text sign). So, this particular 'luxlite' uses a protocol which is known as Prolite Protocol which is not too hard to program. At this moment it signals everything works.
2007-12-03
After some adjustments to the ups stats scripts, nice yearly overviews now come out of them as well: a year of Eneco voltage and frequency. No idea where the university buys its electricity, but in Utrecht Eneco is the grid operator. In April it is clearly visible that something was changed on the connection at that time.
2007-09-25
About one and a half hours later, ntp.cs.uu.nl peaked at 1000.60 packets/second.
2007-09-25
I'm a timegeek, and part of that is making our timeserver at work perform great in the NTP Pool project. With the recently updated pool dns system, servers that have more upstream bandwidth get more clients. We have been ogling our ntp stats for ntp.cs.uu.nl a lot seeing how the client count is through the roof (the internal data structures of ntp can't count beyond 3500 clients without serious hacking) and traffic is rising seriously lately. Still waiting for the first time we get over 1000 packets/second ntp traffic. Our ntp server has no problem at all dealing with this.
2007-09-20
I visited an HP Procurve seminar yesterday about network security. Interesting talks, including one by the HP Procurve security architect. I had a chat with him about network loops which took down the university network a few times recently and he told me that HP Procurve switches now offer loop protection which would detect loops (even the ones that spanning tree would 'miss' because some older equipment may silently drop spanning tree packets), shut down the originating port and report the error. The security architect told me that unauthorized loops and rogue dhcp servers are the major problems in university networks, and I agree. I found a weblog entry describing the HP Procurve loop protection very nicely.
2007-05-15
Recompiling php I noticed at the end that certain libraries were mentioned a lot in the final linking stage: -lcrypt -lcrypt -lpq -lldap -llber -lfreetype -lpng -lz -ljpeg -lcurl -lz -lresolv -lm -ldl -lnsl -lxml2 -lz -lm -lcurl -lssl -lcrypto -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto -lresolv -ldl -lz -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv -lidn -lssl -lcrypto -lssl -lcrypto -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto -lresolv -ldl -lz -lz -lxml2 -lz -lm -lxml2 -lz -lm -lxml2 -lz -lm -lcrypt -lxml2 -lz -lm -lxml2 -lz -lm -lxml2 -lz -lm -lcrypt. The winners: 12 -lz, 8 -lm, 7 -lxml2, 4 -lresolv, 4 -lcrypt ...
2007-04-04
I always thought the network performance of Linux was great, but in testing the new ftp archive server at work I found out that was wrong. Hitting it with apachebench for massive downloads of the same .iso file resulted in kernel messages about dropped tcp connections. With a simple google search on "TCP: drop open request from" I found a page with Linux network performance tuning tips. Those tips improved things: iso images flew out at wirespeed (gigabit). Lots of concurrent requests for a small file are still an issue, those stuck at somewhere above 1600 hits/second, way below wirespeed. It will do for the moment ;)
2007-02-20
Back.. From a visit to Paris this time. A project at work got me an invitation to the Lucent Alcatel user conference in Paris (lots of voip stuff there, information on new stuff in voip) and Mirjam had the idea to add a few days in Paris to visit all those places you have to visit as a tourist there. And lots of other tourists did just that...
2007-02-13
Other source of that headache: having a windows user manage his own .htpasswd file. At least, trying to enable this. 'We' (unix users) are used to htpasswd [-cmdps] passwordfile username being normal, but this was a case of "where do I click". And this seems to be hard: a program to open, edit (add users/modify passwords/delete users) and save .htpasswd files. So far the least problematic program for this task I found is htpasswdgenerator. One major issue was that this program only supports crypt() passwords in the 'Pro' version, and this is the default under unix (plaintext is not available in the unix version). The program isn't bugfree, it gives weird errors about its tempfiles.... pfff. Another program wanted complete control over both .htaccess and .htpasswd and an ftp account to upload files to the webserver. Uh, just write the .htpasswd file to the right path? Oh, and this all costs money.. 15 to 30 dollars for what is a bit of user-interface and minimal file handling.
2007-02-13
Source of a minor headache today: mod_authnz_ldap in apache 2.2 not doing what I want until I read the small print in the docs. Hope this bit: mod_authnz_ldap, Apache 2.2 and allowing all ldap users helps other people fix this.
2007-02-07
New irregular: Configuring ssh on a Netgear GSM7224 switch. One of those things you don't do too often and have to dig up bits of information on how to do it from varying locations.
2007-01-24
I took some pictures today of the remains of the collapsed tower crane. The site was guarded (although the guard decided to stay out of my pictures). It will be quite a project to remove the wreckage when investigations are done. In the last picture you indeed look right into the (empty at the time of the collapse) classroom.
2007-01-23
After the big news about the tower crane collapsing in Utrecht (Dutch), which was two buildings down from where I work, I had to be in a building right next to the remains of the crane today. Weird sight: everyone gone from the site (I saw a few people who looked like they were from the building company that owned the crane). And I saw at least two people with yet another job I don't want to swap with: guards who made sure nobody entered the closed off area. From what I hear from others, the location is guarded 24 hours per day.
2006-11-07
Dear Sun: Seeing 'no keyboard attached' as the last console message when I attach a Logitech usb keyboard to a blade is not the right answer.

Koos van den Hout, koos@kzdoos.xs4all.nl, Fax +31-30-2817051.